On Tue, Jul 15, 2008 at 7:00 AM, Bill Schwab <BSchwab at anest.ufl.edu> wrote:
> RemoteFrameBuffer looks like it could be very useful, though it appears
> to encrypt only for password exchange. Do you have any concerns about
> its security? Assuming I am seriously paranoid about such things (gotta
> be with medical records), should *I* be concerned about its security? I
> reserve the right to be concerned regardless of your reply, but I am
> curious about your take on it.
We have modified the RemoteFrameBuffer package to only listen on the
internal IP. To access it from the outside, we use an ssh tunnel, eg,
ssh -L 5900:localhost:5900 server.example.com
And then we point our VNC client at localhost:0.
This ensures the the network traffic is encrypted, and uses ssh as an
additional level of authentication.
Avi